Azure Resource Manager offers built-in roles that can be assigned to users, groups, or service principals.
Some of these roles should be carefully assigned as they grant sensitive permissions like the ability to reset passwords for all users.

An Azure account that fails to limit the use of such roles has a higher risk of being breached by a compromised owner.

This rule raises an issue when one of the following roles is assigned:

* Contributor (b24988ac-6180-42a0-ab88-20f7382dd24c)
* Owner (8e3af657-a8ff-443c-a75c-2fe8c4bcb635)
* User Access Administrator (18d7d88d-d35e-4fb5-a5c3-7773c20a72d9)